The US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned crypto mixer, Tornado Cash, adding 38 Ethereum wallet addresses to the Specially Designated Nationals (SDN List). Crypto mixers are programs that mix various cryptocurrencies in private pools before transferring it to designated receivers. OFAC found that Tornado Cash laundered over $455 million of stolen cryptocurrency by the North Korea-affiliated hacking organization, Lazarus Group. Tornado Cash also laundered cash from two more hacks that involved Harmony Bridge and Nomad Bridge. Both companies allow users to send cryptocurrencies between blockchains. This designation makes Tornado Cash the second cryptocurrency mixer sanctioned by OFAC, following the cryptocurrency mixer Blender.io, who also laundered stolen funds by Lazarus Group.
Why this is important. Many people use crypto mixers to keep their cryptocurrency transactions private by mixing potentially identifiable cryptocurrency funds with sums of other funds. These mixers can make transactions private between services and often do not require “Know Your Customer” (KYC) checks. As a result, the ability of crypto mixers to launder money or conceal earnings is high – which we have seen through the number of hacks involving crypto money laundering this year. More cryptocurrency has been stolen and laundered this year alone than in prior years. In almost every hack this year, Tornado Cash has received at least some of the stolen funds.
Sanctioning Tornado Cash isn’t like sanctioning a centralized service because the smart-contract code can run free-standing – without developer maintenance. As the crypto space evolves, it will be interesting to see how OFAC will handle decentralized and centralized institutions whose goals are to create services that involve anonymity (private transactions) that run on their own. Will Tornado Cash be the starting point for OFAC in creating rules and regulations surrounding open-sourced protocols?